[pmwiki-devel] Help with understanding an authentication problem

Wed May 27 04:01:26 CDT 2009

> John Rankin wrote:
>
> [...]
>
>>It seems to me that we ought to be able to define a custom
>>$AuthFunction that checks the IP address of the requestor,
>
> consider also requests from "dynamic" IP addresses. People might have
> changing addresses.

With my current problem, it is a server doing the requesting,
and in this particular case it is not being allowed to access the
wiki. Although it has a static address, you are correct about the
dynamic IP address case. Peter's suggested approach can satisfy
this, if the dynamic address can be expressed as a regular
expression; at least, I think that's the case.
>
> Remember the "DNSauth" code I posted last 2008-09-25 in the
> pmwiki-users list and asked for review. I'm still not sure whether
> this code works.
>
> Therefore I mad http://www.pmwiki.org/wiki/Cookbook/DNSauth now and
> ask again for comments and/or review.
>
> [...]
>
>>To make this work, the recipe would have to tell pmwiki,
>>"Instead of prompting for a username and/or password,
>>check the IP address of the requestor."
>
> s/Instead/before/

Ah, yes.
>
> My solution uses authuser and adds an entry to the 'authlist' array.
> This might be no solution for you, but you could use the DNS part,
> anyway.

Eemeli Aro suggested a related approach some time ago,
for when the IP address is known, although it doesn't seem
to work in my current case:

/*
  To use, put the following in your SiteAdmin.AuthUser file:
    ip: username ip-address
*/
$AuthUserFunctions['ip'] = 'AuthUserIP';
function AuthUserIP($pagename, $id, $pw, $pwlist) {
  $i = '';
  foreach ( (array)$pwlist as $d ) {
    if ($d==$id) { $i = $d; continue; }
    if ( $i && ( $_SERVER['REMOTE_ADDR'] == $d ) ) return true;
  }
  return false;
}

Perhaps the DNSallow recipe can use a similar approach?

JR